Test Firewall Rules

From Oracle FAQ

Oracle professionals are sometimes required to apply for firewall access within a company to ensure connectivity to required services. As an example, a DBA may need to create database links to other databases or open ports to the RMAN Catalog and OEM Repository. Such requests can vary from just a couple of lines to hundreds of rules that must be applied to various firewalls. This article describes a method to automatically test access, so that you can confirm the firewall rules were implemented successfully, from a Linux/Unix server (tested on Solaris, but it should work on all platforms that ship with the bash shell).

First, construct a CSV file with your rules. The fields are "From IP", "To IP", Port, [optional info...]

For example, fwtest.dat:

,, 22
,, 1521

Now, create a script to test your rules (let's call it fwtest.sh):


cat fwtest.dat |
  while IFS=',' read -r from to port rest; do
       echo TEST ACCESS From=$from To=$to Port=$port
       timeout 2 bash -c "</dev/tcp/${to}/${port}"
       if [ "$?" -ne 0 ]; then
          echo "Connection to $to on port $port failed"
          NotOK=$[NotOK + 1]
          echo "Connection to $to on port $port succeeded"
          OK=$[OK + 1]

  echo Successful = $OK
  echo Failed  = $NotOK

Sample output:

TEST ACCESS From= To= Port=22
Connection to on port 22 succeeded
TEST ACCESS From= To= Port=1521
bash: connect: Connection refused
Connection to on port 1521 failed
Successful = 1
Failed = 1
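The following is an added example and is not part of this article or of the fwtest.sh script above. It keeps the same CSV layout and the same /dev/tcp technique, but it addresses two things you run into when checking firewall rules this way. First, it trims whitespace from the CSV fields, because a field such as " 22" would turn the path into /dev/tcp/host/ 22 and fail regardless of the firewall. Second, it tells a refused connection apart from a timed-out one: "Connection refused" means the packet reached the host and the host answered with a reset, so the firewall rule is in place even though nothing listens on that port yet, whereas silence until the timeout is what a firewall dropping the traffic looks like. The From IP column is carried through unchanged, since the script can only probe from the host it runs on. The function names (fw_trim, fw_validate_rule, fw_probe, fw_run, fw_count) are my own, and the script assumes GNU timeout (exit status 124 on expiry) and a bash built with /dev/tcp support, as the original does.

```shell
#!/bin/bash
# Added example, not part of the original Oracle FAQ article.
# Reads "From IP","To IP",Port,[info] rules and classifies each probe.

# Trim spaces, tabs and a trailing CR from one CSV field
# (the article's sample data has a space after each comma).
fw_trim() { printf '%s' "$1" | tr -d ' \t\r'; }

# fw_validate_rule FROM TO PORT: succeed only for a usable rule:
# non-empty endpoints and a numeric port in 1..65535.
fw_validate_rule() {
  [ -n "$1" ] && [ -n "$2" ] || return 1
  case $3 in ''|*[!0-9]*) return 1 ;; esac
  [ "$3" -ge 1 ] && [ "$3" -le 65535 ]
}

# fw_probe TO PORT [SECONDS]: print one word describing the outcome.
#   open    - TCP handshake completed; rule works and a service is listening
#   refused - peer answered with RST; rule works, nothing listens on that port
#   timeout - no answer within SECONDS; typical of a firewall dropping packets
#   error   - anything else (no route, unresolvable name, bad input)
fw_probe() {
  to=$1 port=$2 secs=${3:-2}
  # "&& rc=0 || rc=$?" keeps the assignment safe under "set -e"
  err=$(timeout "$secs" bash -c "</dev/tcp/$to/$port" 2>&1) && rc=0 || rc=$?
  if [ "$rc" -eq 0 ]; then
    echo open
  elif [ "$rc" -eq 124 ]; then      # GNU timeout's exit status for "timed out"
    echo timeout
  else
    case $err in *efused*) echo refused ;; *) echo error ;; esac
  fi
}

# fw_run FILE: print "from,to,port,result" for every line of the rules file.
# The file is redirected into the loop (not piped) so no subshell is involved.
fw_run() {
  while IFS=',' read -r from to port rest; do
    from=$(fw_trim "$from"); to=$(fw_trim "$to"); port=$(fw_trim "$port")
    [ -n "$from$to$port" ] || continue           # skip blank lines
    if fw_validate_rule "$from" "$to" "$port"; then
      echo "$from,$to,$port,$(fw_probe "$to" "$port" 1)"
    else
      echo "$from,$to,$port,invalid"
    fi
  done < "$1"
}

# fw_count RESULTS KIND: number of result lines whose last column is KIND.
fw_count() { printf '%s\n' "$1" | grep -c ",$2\$" || true; }

# Usage: ./fwtest2.sh fwtest.dat
# "open" and "refused" both prove the firewall path is open; only "timeout"
# and "error" count as failures, and malformed rows are reported separately.
if [ $# -gt 0 ]; then
  results=$(fw_run "$1")
  printf '%s\n' "$results"
  echo "Successful = $(( $(fw_count "$results" open) + $(fw_count "$results" refused) ))"
  echo "Failed     = $(( $(fw_count "$results" timeout) + $(fw_count "$results" error) ))"
  echo "Invalid    = $(fw_count "$results" invalid)"
fi
```

A refused result is worth keeping separate from open in the report: when a batch of rules is requested before the target services are built, refused is the expected state for most rows, and a row that flips from timeout to refused is the evidence that the firewall change landed.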